A computer device executes a process using a plurality of physical and logical resources, which are provided, ultimately, by the underlying hardware of the computer device. These resources include, for example, system services, drivers, files and registry settings. Many operating systems include a security module that enforces access rights for each process, whereby the process is permitted (or denied) access to each of the resources, consistent with a set of security privileges allocated to that process.
It is desirable to implement a least-privilege access model, whereby each process is granted the minimal set of access privileges sufficient for that process to operate on the computer device. For example, a user-level process is able to read from a particular file, but is not permitted to write to that file. Meanwhile, a local administrator level typically has a higher privilege, e.g. is able to both read and write to that file.
Unfortunately, in practice, many application programs require a relatively high privilege level, such as the local administrator level, in order to install and operate correctly. There is a tendency for user processes to gain additional privilege rights, such as local administrator level, and thus gain greater access to the resources of the computer device. These additional privilege rights may then enable accidental tampering with key resources of the computer device, leading to errors or corruption within the device. Further, a particular user process (e.g. an infection or malware) may maliciously access key resources of the computer device with the deliberate intention of subverting security or causing damage.
Therefore, the inventors have identified a desire to provide a mechanism which prevents a user process from accessing key resources of the computer device. It is desired that an anti-tamper mechanism should be effective even if the user process has a relatively high privilege level such as a local administrator level.
The example embodiments have been provided with a view to addressing at least some of the difficulties that are encountered in current computer devices, whether those difficulties have been specifically mentioned or will otherwise be appreciated from the discussion herein.